CVE-2025-9608

Опубликовано: 29 авг. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9608.md
Exploit
Third Party Advisory
https://github.com/marcelomulder/CVE/blob/main/i-educar/SQL%20Injection%20(Blind%20Time-Based)%20Vulnerability%20in%20%60id%60%20Parameter%20on%20%60.module.FormulaMedia.view%60%20Endpoint%201.md#poc
Broken Link
https://vuldb.com/?ctiid.321786
Permissions Required
VDB Entry
https://vuldb.com/?id.321786
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.636579
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*

Версия до 2.10.0 (включая)

EPSS

Процентиль: 15%

0.00048

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-v925-r695-g8jc

CVSS3: 6.3

github

5 месяцев назад

EPSS

Процентиль: 15%

0.00048

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74